Recently, the outflow of personal information and the attack to the society using the internet has been increasing. Widely-used methods include inserting an attack code into a website or making an attacking program downloaded to users' computers through the internet. Such attacks are easily done using the JavaScript used in the website. In addition, a JavaScript obfuscation technique is used to hide a JavaScript containing such an attack code. A variety of methods have been adopted to avoid the attacks based on the internet website.
There is a dynamic analysis system which detects the presence or absence of a malicious action of a malicious website by directly visiting the website and analyzing the result. This dynamic analysis system is susceptible to attacks because it visits the website and analyzes the result, spends a long time visiting the website and analyzing the result, and has a problem of setting up a system environment which can be attacked. There is also a static analysis system which downloads and analyzes a source code of a website. This system is not susceptible to attacks because it is not attacked directly, but needs a person to analyze the source code or spends a long time for the analysis. As the number of the websites is increasing, it takes a very long time to analyze all the websites using the conventional analysis systems.